General
-
Target
42c356f9bc05705df62648a3e184971fa09a835178f861ff7b0af1ce81ffcdcb
-
Size
126KB
-
Sample
220922-17dl3sgbhn
-
MD5
43741121b0758da2ba62cb98e1d907d1
-
SHA1
6dfb962552fff3c27577767bdbc087d805d057f2
-
SHA256
42c356f9bc05705df62648a3e184971fa09a835178f861ff7b0af1ce81ffcdcb
-
SHA512
68ddd1947feeeddff31d08bd9d3db794a8f7a25992279fe780be608f554df2cffba21a30075354db72324c45b1c42b03ec173a95e5510676833bc7ccf6098db3
-
SSDEEP
3072:Nvx1MeTt0mBx6sNQVxoQr/g0NWeRTUz5x+PynHyPd2PEU4q:FxViVljg0NNmz5xmSySvr
Malware Config
Extracted
raccoon
374ee16b410d434d46689fdd39fc5d91
http://135.181.123.25/
Targets
-
-
Target
42c356f9bc05705df62648a3e184971fa09a835178f861ff7b0af1ce81ffcdcb
-
Size
126KB
-
MD5
43741121b0758da2ba62cb98e1d907d1
-
SHA1
6dfb962552fff3c27577767bdbc087d805d057f2
-
SHA256
42c356f9bc05705df62648a3e184971fa09a835178f861ff7b0af1ce81ffcdcb
-
SHA512
68ddd1947feeeddff31d08bd9d3db794a8f7a25992279fe780be608f554df2cffba21a30075354db72324c45b1c42b03ec173a95e5510676833bc7ccf6098db3
-
SSDEEP
3072:Nvx1MeTt0mBx6sNQVxoQr/g0NWeRTUz5x+PynHyPd2PEU4q:FxViVljg0NNmz5xmSySvr
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-